Security Advisory

CVE-2026-25647

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-06 19:03:36
Last updated 2026-02-09 15:28:33
Assigner GitHub_M
State PUBLISHED

Description

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks the rendered content, the script executes in the context of their session.